So last week it was announced at the FIDO Plenary in Dublin, Ireland (I wish I had been able to attend) that 18 different companies and 31 different products have been FIDO certified. This...
So the opening keynote today at the RSA Conference by Amit Yoran (the president of RSA) was very interesting. While many of his comments are not necessarily new, it is interesting to hear it from...
So on the first day of the RSA Conference they hold the Innovation Sandbox, a contest for select new companies to present their ideas in 3 minutes as the best new innovation in security. Congratulations...
A couple of security reports released this week by Symantec and Verizon point to three critical areas organizations should consider: — A large percentage of security breaches involve phishing. A report from Verizon Communications Inc...
Late on Wednesday, it was confirmed that Anthem, the second largest health insurer in the U.S., was breached (ransacked is the word used to describe the attack and severity of the access). While it isn’t...
Yesterday, Qualys announced a new vulnerability called GHOST. (Since Shellshock, everyone thinks vulnerabilities need to be named.) This vulnerability is in glibc, a critical library used by the Linux kernel and...
The annual list of the worst passwords just came out. As usual, it should be more than enough to make those of us trying to provide security groan, moan, and slap our collective heads. The...
I ran across this article about the latest iCloud problem. The security hole is interesting in that it could be exploited to bypass any and all higher-level or secondary authentication checks. So the hack came...
So a breach reported by the US Postal Service (USPS) a few months ago has now revealed that 485,000 employees may have been impacted. Importantly, the data is health information, not necessarily financial, but included...
Interesting news today on the JPMorgan Chase hack from earlier this year. Apparently, while Chase had implemented 2FA in general, they didn’t complete the coverage on all servers and services. The attackers were simply able...